Module: appdb Branch: master Commit: ca2c14ebead2840510103198f53216a5e3616208 URL: https://source.winehq.org/git/appdb.git/?a=commit;h=ca2c14ebead2840510103198...
Author: Jeremy Newman jnewman@codeweavers.com Date: Wed Jul 18 13:12:38 2018 -0500
update generate_passwd to be stronger
mt_rand in PHP is not considered to be cryptographically strong; use openssl_random_pseudo_bytes instead
---
include/user.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/include/user.php b/include/user.php
index 5a4b428..6626b0e 100644
--- a/include/user.php
+++ b/include/user.php
@@ -417,16 +417,16 @@ class User {
 /**
 * Creates a new random password.
 */
- public static function generate_passwd($pass_len = 10)
+ public static function generate_passwd($pass_len = 20)
 {
- $nps = "";
- mt_srand ((double) microtime() * 1000000);
- while (strlen($nps)<$pass_len)
- {
- $c = chr(mt_rand (0,255));
- if (preg_match("/[a-zA-Z0-9]/", $c)) $nps = $nps.$c;
+ $alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+ $alphanum_length = strlen($alphanum);
+ $random = openssl_random_pseudo_bytes($pass_len);
+ $passwd = '';
+ for ($i = 0; $i < $pass_len; ++$i) {
+ $passwd .= $alphanum[ord($random[$i]) % $alphanum_length];
 }
- return ($nps);
+ return $passwd;
 }
/**
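Review bot: The result of `openssl_random_pseudo_bytes($pass_len)` is used unchecked, so on PHP versions where the call signals failure by returning `false` instead of throwing, every `ord($random[$i])` evaluates to 0 and `generate_passwd` silently returns a string of repeated `A`s. The `% $alphanum_length` mapping is also slightly biased: 256 is not a multiple of 62, so the first eight characters of `$alphanum` are drawn more often than the others. If the deployment runs PHP 7 or later, both points go away by dropping `$random` and writing the loop body as `$passwd .= $alphanum[random_int(0, $alphanum_length - 1)];`, which is unbiased and throws on failure. On older PHP, pass the second `$crypto_strong` argument and abort when the result is `false` or not reported as strong, rather than returning a password.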